package org.keycloak.organization.utils;

import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.stream.Stream;
import org.keycloak.TokenVerifier;
import org.keycloak.authentication.actiontoken.inviteorg.InviteOrgActionToken;
import org.keycloak.common.Profile;
import org.keycloak.common.VerificationException;
import org.keycloak.http.HttpRequest;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OrganizationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.organization.OrganizationProvider;
import org.keycloak.organization.protocol.mappers.oidc.OrganizationScope;
import org.keycloak.services.ErrorResponse;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:org/keycloak/organization/utils/Organizations.class */
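/**
 * Static helpers for the organization feature: resolving the organization that applies to the
 * current session, finding a member's home identity providers, and guarding organization groups.
 *
 * <p>Several helpers return {@code null} rather than throwing when nothing can be resolved, so
 * callers must null-check the result before using it in an access decision.
 */
public class Organizations {

    /**
     * Tells whether the given group may be managed in the context of the current session.
     *
     * <p>Groups that are not of type {@code ORGANIZATION}, and every group while the
     * {@code ORGANIZATION} feature is disabled, always yield {@code true}. An organization group
     * yields {@code true} only when an organization is resolved for the session and its id equals
     * the group's name.
     *
     * <p>This is a scoping check only: no permission of the calling principal is evaluated here.
     *
     * @param keycloakSession the current session
     * @param groupModel the group about to be managed
     * @return {@code true} when the group is outside organization scope or belongs to the resolved organization
     */
    public static boolean canManageOrganizationGroup(KeycloakSession keycloakSession, GroupModel groupModel) {
        if (!GroupModel.Type.ORGANIZATION.equals(groupModel.getType()) || !Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)) {
            return true;
        }
        OrganizationModel current = resolveOrganization(keycloakSession);
        return current != null && current.getId().equals(groupModel.getName());
    }

    /**
     * Collects the identity providers through which the user is federated and that belong to an
     * enabled organization managing that user.
     *
     * @param keycloakSession the current session
     * @param userModel the user to inspect; {@code null} yields an empty list
     * @return the matching identity providers, or an immutable empty list when no enabled
     *         organization manages the user
     * @throws NullPointerException if no {@link OrganizationProvider} is available
     */
    public static List<IdentityProviderModel> resolveHomeBroker(KeycloakSession keycloakSession, UserModel userModel) {
        OrganizationProvider provider = getProvider(keycloakSession);
        RealmModel realm = keycloakSession.getContext().getRealm();
        Objects.requireNonNull(provider);
        List<OrganizationModel> managingOrganizations = Optional.ofNullable(userModel).stream()
                .flatMap(provider::getByMember)
                .filter(OrganizationModel::isEnabled)
                .filter(organization -> organization.isManaged(userModel))
                .toList();
        if (managingOrganizations.isEmpty()) {
            return List.of();
        }
        List<IdentityProviderModel> brokers = new ArrayList<>();
        for (OrganizationModel organization : managingOrganizations) {
            List<IdentityProviderModel> organizationBrokers = organization.getIdentityProviders().toList();
            keycloakSession.users().getFederatedIdentitiesStream(realm, userModel)
                    .map(identity -> keycloakSession.identityProviders().getByAlias(identity.getIdentityProvider()))
                    // An alias that no longer resolves to a provider is skipped rather than dereferenced.
                    .filter(Objects::nonNull)
                    .filter(organizationBrokers::contains)
                    .filter(broker -> keycloakSession.users().getFederatedIdentity(realm, userModel, broker.getAlias()) != null)
                    // The decompiled listing referenced an undefined name here; the target is the result list.
                    .forEach(brokers::add);
        }
        return brokers;
    }

    /**
     * Returns a consumer that removes a group from the realm.
     *
     * <p>For an organization group the session context is pointed at the organization whose id is
     * the group's name while the removal runs, and is reset afterwards even when the removal
     * throws. The value written back is the result of {@link #resolveOrganization(KeycloakSession)},
     * which is not necessarily the value the context held before: that method can fall back to the
     * authentication session when the context holds no organization.
     *
     * @param keycloakSession the current session
     * @param realmModel the realm that owns the groups
     * @return a consumer performing the removal
     */
    public static Consumer<GroupModel> removeGroup(KeycloakSession keycloakSession, RealmModel realmModel) {
        return groupModel -> {
            if (!GroupModel.Type.ORGANIZATION.equals(groupModel.getType())) {
                realmModel.removeGroup(groupModel);
                return;
            }
            OrganizationModel previous = resolveOrganization(keycloakSession);
            try {
                keycloakSession.getContext().setOrganization(getProvider(keycloakSession).getById(groupModel.getName()));
                realmModel.removeGroup(groupModel);
            } finally {
                // Never leave the temporary organization in the context, whatever the outcome.
                keycloakSession.getContext().setOrganization(previous);
            }
        };
    }

    /**
     * Tells whether the provider exists, is enabled, and reports at least one organization.
     *
     * @param organizationProvider the provider to test; may be {@code null}
     * @return {@code true} only when all three conditions hold
     */
    public static boolean isEnabledAndOrganizationsPresent(OrganizationProvider organizationProvider) {
        return organizationProvider != null && organizationProvider.isEnabled() && organizationProvider.count() != 0;
    }

    /**
     * Session variant of {@link #isEnabledAndOrganizationsPresent(OrganizationProvider)} that first
     * requires the {@code ORGANIZATION} feature to be enabled.
     *
     * @param keycloakSession the current session
     * @return {@code false} when the feature is disabled, otherwise the provider-level result
     */
    public static boolean isEnabledAndOrganizationsPresent(KeycloakSession keycloakSession) {
        return Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION)
                && isEnabledAndOrganizationsPresent(getProvider(keycloakSession));
    }

    /**
     * Rejects the request with a 404 error response when organizations are unavailable.
     *
     * @param organizationProvider the provider to test; may be {@code null}
     */
    public static void checkEnabled(OrganizationProvider organizationProvider) {
        if (organizationProvider == null || !organizationProvider.isEnabled()) {
            throw ErrorResponse.error("Organizations not enabled for this realm.", Response.Status.NOT_FOUND);
        }
    }

    /**
     * Decodes the {@code token} query parameter of the request as an invitation action token.
     *
     * <p>The value comes straight from the request URL. This method only creates a
     * {@link TokenVerifier} and reads the parsed token: it supplies no key and never calls
     * {@code verify()}, so signature, expiry and audience are not established here. Callers must
     * treat every claim of the returned token as untrusted until they have verified it.
     *
     * @param httpRequest the incoming request
     * @return the parsed token, or {@code null} when the parameter is absent
     * @throws VerificationException if the value cannot be parsed as a token
     */
    public static InviteOrgActionToken parseInvitationToken(HttpRequest httpRequest) throws VerificationException {
        String encodedToken = httpRequest.getUri().getQueryParameters().getFirst("token");
        if (encodedToken == null) {
            return null;
        }
        return TokenVerifier.create(encodedToken, InviteOrgActionToken.class).getToken();
    }

    /**
     * Returns the part of an e-mail address that follows its first {@code '@'}.
     *
     * <p>NOTE(review): the split is on the first {@code '@'}, so an address holding more than one
     * yields a remainder that still contains {@code '@'}. The result is used to select an
     * organization by domain; confirm addresses are validated before they reach this method.
     *
     * @param str the e-mail address; may be {@code null}
     * @return the text after the first {@code '@'}, or {@code null} when the input is {@code null}
     *         or holds no {@code '@'}
     */
    public static String getEmailDomain(String str) {
        if (str == null) {
            return null;
        }
        int separator = str.indexOf('@');
        return separator == -1 ? null : str.substring(separator + 1);
    }

    /**
     * Resolves the organization for the session without a user or domain hint.
     *
     * @param keycloakSession the current session
     * @return the resolved organization, or {@code null}
     */
    public static OrganizationModel resolveOrganization(KeycloakSession keycloakSession) {
        return resolveOrganization(keycloakSession, null, null);
    }

    /**
     * Resolves the organization for the session and user without a domain hint.
     *
     * @param keycloakSession the current session
     * @param userModel the user being processed; may be {@code null}
     * @return the resolved organization, or {@code null}
     */
    public static OrganizationModel resolveOrganization(KeycloakSession keycloakSession, UserModel userModel) {
        return resolveOrganization(keycloakSession, userModel, null);
    }

    /**
     * Resolves the organization that applies to the current session.
     *
     * <p>Sources are tried in this order, and the first that yields a result wins:
     * <ol>
     *   <li>the organization already stored in the session context;</li>
     *   <li>the authentication session: the organization id held in the {@code kc.org} auth note,
     *       otherwise the organizations resolved from the requested {@code scope}. Exactly one
     *       candidate is returned; when an organization scope was requested and did not resolve
     *       to exactly one, resolution stops with {@code null};</li>
     *   <li>an enabled organization that has the user as a managed member;</li>
     *   <li>the organization registered for the given domain, or for the domain of the user's
     *       e-mail address when no domain was given.</li>
     * </ol>
     *
     * <p>NOTE(review): only the membership step checks {@code isEnabled()} and managed membership
     * in this method. The auth-note and domain steps return whatever the provider yields, and the
     * e-mail fallback reads {@code getEmail()} without consulting whether the address is verified.
     * A caller that needs an enabled organization or a confirmed member has to check that itself.
     *
     * @param keycloakSession the current session
     * @param userModel the user being processed; may be {@code null}
     * @param str the domain to fall back on; may be {@code null}
     * @return the resolved organization, or {@code null} when organizations are disabled for the
     *         realm, none exist, or no source matches
     */
    public static OrganizationModel resolveOrganization(KeycloakSession keycloakSession, UserModel userModel, String str) {
        if (!keycloakSession.getContext().getRealm().isOrganizationsEnabled()) {
            return null;
        }
        OrganizationModel fromContext = keycloakSession.getContext().getOrganization();
        if (fromContext != null) {
            return fromContext;
        }
        OrganizationProvider provider = getProvider(keycloakSession);
        if (provider.count() == 0) {
            return null;
        }
        AuthenticationSessionModel authenticationSession = keycloakSession.getContext().getAuthenticationSession();
        if (authenticationSession != null) {
            String requestedScope = authenticationSession.getClientNote("scope");
            OrganizationScope organizationScope = OrganizationScope.valueOfScope(requestedScope);
            List<OrganizationModel> candidates = Optional.ofNullable(authenticationSession.getAuthNote("kc.org"))
                    .map(provider::getById)
                    .map(List::of)
                    .orElseGet(() -> organizationScope == null
                            ? List.of()
                            : organizationScope.resolveOrganizations(userModel, requestedScope, keycloakSession).toList());
            if (candidates.size() == 1) {
                return candidates.get(0);
            }
            if (organizationScope != null) {
                // An explicit organization scope that is ambiguous or empty must not fall through
                // to the membership or domain heuristics below.
                return null;
            }
        }
        Optional<OrganizationModel> managing = Optional.ofNullable(userModel).stream()
                .flatMap(provider::getByMember)
                .filter(organization -> organization.isEnabled() && provider.isManagedMember(organization, userModel))
                .findAny();
        if (managing.isPresent()) {
            return managing.get();
        }
        String domain = str;
        if (userModel != null && domain == null) {
            domain = getEmailDomain(userModel.getEmail());
        }
        return Optional.ofNullable(domain).map(provider::getByDomainName).orElse(null);
    }

    /**
     * Looks up the {@link OrganizationProvider} of the session.
     *
     * @param keycloakSession the current session
     * @return whatever the session returns for that provider type
     */
    public static OrganizationProvider getProvider(KeycloakSession keycloakSession) {
        return keycloakSession.getProvider(OrganizationProvider.class);
    }

    /**
     * Tells whether self-registration is allowed for the current request.
     *
     * <p>An organization present in the session context allows registration regardless of the
     * realm setting; otherwise the realm's own registration flag decides. Whatever places the
     * organization in the context is therefore part of the registration gate.
     *
     * @param keycloakSession the current session
     * @param realmModel the realm whose registration flag is the fallback
     * @return {@code true} when an organization is in context or the realm allows registration
     */
    public static boolean isRegistrationAllowed(KeycloakSession keycloakSession, RealmModel realmModel) {
        return keycloakSession.getContext().getOrganization() != null || realmModel.isRegistrationAllowed();
    }
}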
